A politically motivated hacking group has leaked the personal data of nearly a thousand U.S. federal law enforcement officials, including agents from the Department of Homeland Security (DHS), Immigration and Customs Enforcement (ICE), and the Department of Justice (DOJ). The exposure, which includes home addresses and emails, significantly raises the risk of targeted harassment and violence against officers and their families.
Coordinated Data Leak Targets DHS, DOJ, and FBI Employees
According to investigative findings, the breach was orchestrated by The Com, a hacker collective previously tied to politically charged leaks and high-profile cyberattacks. The attackers reportedly exfiltrated and published personal information belonging to 680 DHS employees, 190 DOJ officials, and 170 FBI staff members.
The data, which includes names, office locations, and private addresses, was verified by multiple journalists and appears authentic. The leak was announced on the Scattered LAPSUS$ Hunters Telegram channel, where the attackers taunted federal authorities and hinted at additional upcoming breaches.
“U guys want IRS next?” one message read, suggesting future plans to target other U.S. government agencies.
Cyber analysts believe the attackers exploited internal data-sharing systems or an unprotected cloud environment to collect the sensitive details. While the specific intrusion vector remains unconfirmed, indicators suggest credential theft or insider collaboration.
The breach comes amid heightened political tensions following the administration’s renewed immigration crackdown, with masked DHS and ICE officers conducting operations in several U.S. cities. Critics warn that the exposure of agents’ data could trigger real-world retaliation against federal personnel involved in these controversial operations.
Hackers Link Doxxing Campaign to Cartel Bounty Networks
The Telegram posts also referenced intelligence reports alleging that Mexican cartels had placed bounties on federal agents, paying sympathizers and street gangs to track or attack personnel. The leaked document reportedly detailed a tiered bounty system, incentivizing violence based on an agent’s role or rank.
Under this system, $2,000 was allegedly offered for gathering intelligence or doxxing an agent — including capturing personal photos or identifying relatives. Non-lethal assaults or kidnappings could earn between $5,000 and $10,000, while assassinations of senior officials reportedly carried payouts as high as $50,000.
“I want my MONEY MEXICO,” another Telegram post read, seemingly mocking the DHS’s previous warnings about cartel-linked threats.
These developments underscore the convergence of cyber operations and physical security threats, where data breaches directly enable real-world targeting of law enforcement.
Surge in Violence Against ICE Officers and Families
The Department of Homeland Security condemned what it described as “dangerous doxxing attacks,” warning that online exposure of officer data is fueling a rise in direct assaults.
“Our officers are facing a more than 1000% increase in assaults against them, and their families are being doxxed and threatened online,” DHS stated in an October 9 press release.
Recent incidents illustrate the threat escalation. In one case, three women were indicted for livestreaming their pursuit of an ICE agent to his home, chanting “Neighbor is ICE!” and revealing his address on Instagram. What began as a protest evolved into a real-time doxxing event, amplifying the agent’s exposure to physical harm.
In Texas, an ICE officer’s spouse received a threatening phone call, saying:
“I don’t know how you let your husband work for ICE, and you sleep at night… Did you hear what happened to the Nazis after World War II? Because it’s what’s going to happen to your family.”
Another case in Massachusetts involved an individual sending a Facebook message to an officer’s family member, stating:
“Your husband, the ICE man, is a f* and retribution will come your way eventually.”*
Such cases highlight how leaked data from cyber incidents is increasingly being weaponized to intimidate law enforcement and their families — blending cyber harassment with real-world extremism.
Technical and Strategic Implications
While attribution remains uncertain, cybersecurity experts note that The Com’s tactics resemble previous hack-and-leak operations carried out by ideologically driven collectives. These operations often exploit exposed credentials, cloud misconfigurations, or OSINT-gathered data to compile and weaponize doxxing lists.
The incident reinforces the need for:
- Stricter identity and access management (IAM) controls across government agencies.
- Continuous monitoring for credential reuse or exfiltration indicators.
- Rapid takedown protocols for doxxed data across public and dark web platforms.
- Cross-agency threat intelligence sharing to identify politically motivated cyber actors before escalation.
With politically motivated hackers now bridging digital leaks and physical intimidation, U.S. agencies face an urgent challenge in protecting personnel from both cyber and kinetic retaliation.
